ALSA-2025:7466

[ALSA-2025:7466] Moderate: delve and golang security update

Type:

security

Severity:

moderate

Release date:

2025-07-02

Description:

Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you're using a debugger, things aren't going your way. With that in mind, Delve should stay out of your way as much as possible.  

Security Fix(es):  

  * golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints (CVE-2024-45341)
  * golang: net/[http:](http:) net/[http:](http:) sensitive headers incorrectly sent after cross-domain redirect (CVE-2024-45336)
  * crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec (CVE-2025-22866)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	golang-bin-1.23.7-1.el10_0.alma.1.aarch64.rpm	180e09494b33c5e1fa38279b1b9a3cce8751f78de15e9001d0dd155273132e03
aarch64	delve-1.24.1-1.el10_0.aarch64.rpm	4ff815ca1f048e10be1cb74978650077f75175286c2437d3edafd3c8752e120a
aarch64	go-toolset-1.23.7-1.el10_0.alma.1.aarch64.rpm	b176dbb07462722c62bcd2dbb97c4044703f0c45591bac7bf04eb03c36343275
aarch64	golang-1.23.7-1.el10_0.alma.1.aarch64.rpm	cf4b141a6f4e2b97198f4b0727118e5af5b69205d838ae124b2f045fd2bae1cc
noarch	golang-docs-1.23.7-1.el10_0.alma.1.noarch.rpm	32fff62ab18d61eac0c68eed66cfbd0a793c99f5fc39b91ada6abe9384c1a7e1
noarch	golang-misc-1.23.7-1.el10_0.alma.1.noarch.rpm	5b6f50b2a512925b6b233058c7833a888cc2879f882ebd3340a514714973db32
noarch	golang-src-1.23.7-1.el10_0.alma.1.noarch.rpm	bb5e2c673d590b851456e03a6377978b7ce2f55a9616536b3b5efa72d131120c
noarch	golang-tests-1.23.7-1.el10_0.alma.1.noarch.rpm	fdd098c94e230afd4b94308666ee1a2534d470d9a28f0cb3eecfa1c015895a95
ppc64le	golang-bin-1.23.7-1.el10_0.alma.1.ppc64le.rpm	3afea0f9f95b372b7c9604104c85c9df6c9e960053671dbadbcf7557a97df9d0
ppc64le	go-toolset-1.23.7-1.el10_0.alma.1.ppc64le.rpm	9fea8dbe5824c21f73d6c77dd8cabe7350c62f78aa1be3d2652e4f7faf80902d
ppc64le	delve-1.24.1-1.el10_0.ppc64le.rpm	a9d58eabda1428e5f74cefb8662b5d9d21a4c9c79ab59a555db9d7f6241d843b
ppc64le	golang-1.23.7-1.el10_0.alma.1.ppc64le.rpm	e7e9b70445cdc572777ef007ca1c2bad6dcd4b4a6c1074b78a536549863b6d31
s390x	golang-bin-1.23.7-1.el10_0.alma.1.s390x.rpm	0035ebdc1478a8b56ccdf95b329f61cdf83a86eb2533a885d3f495af53095da4
s390x	go-toolset-1.23.7-1.el10_0.alma.1.s390x.rpm	65428c7145d5242dbc7998529b2b40aae775138bc5e143e1d248ec0e4da285fa
s390x	golang-1.23.7-1.el10_0.alma.1.s390x.rpm	803259d704ef9f1d297d258ca84c6d1febc4266ede14845f63105a1068342806
x86_64	golang-bin-1.23.7-1.el10_0.alma.1.x86_64.rpm	175baccfca9b437be0c648459450f6b8c70ee2192650e24e8ca3f8c027fd51aa
x86_64	go-toolset-1.23.7-1.el10_0.alma.1.x86_64.rpm	34c3ee558b21cb0f74beed8b70a996d93be45c18da88c8522c14f9a3985ebb8c
x86_64	golang-1.23.7-1.el10_0.alma.1.x86_64.rpm	3d28a9956f0416603af4ddf0a3c8d94a1e0471de18b3a72945eaab9b36aa69e4
x86_64	delve-1.24.1-1.el10_0.x86_64.rpm	c058b5d81a7ed48bd3d67f1e1a01fdcd5dff3b1a02493776340ce39e7e91bfea
x86_64_v2	golang-1.23.7-1.el10_0.alma.1.x86_64_v2.rpm	070abf399b795443dc5ec91938752f33826b711d52fe1e5da9c92cf78cdddda8
x86_64_v2	delve-1.24.1-1.el10_0.x86_64_v2.rpm	08519abebf95ed19095f182ce83c2c46a4d4a01380f673039a33a9b9ce7684ce
x86_64_v2	golang-bin-1.23.7-1.el10_0.alma.1.x86_64_v2.rpm	13147e0576808a6bbf6b6175d89abc0e038b46370a1bd6039935d57cca55eb5e
x86_64_v2	go-toolset-1.23.7-1.el10_0.alma.1.x86_64_v2.rpm	5c4922e0d4f007efa4688e8ee4d158832eb880acf8c2ffd19b5574b79d8844d8

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.